# as of 2023/12/02: complete blockchain is 530 GiB (on-disk size may be larger)
#
# ports:
# - 8333: for node-to-node communications
# - 8332: rpc (client-to-node)
#
# rpc setup:
# - generate a password
# - use: <https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py>
# (rpcauth.py is not included in the `'.#bitcoin'` package result)
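# - `wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py`
#   (master is a moving branch: read the script before running it, or fetch it from a release tag instead)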
# - `python ./rpcauth.py colin`
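# - copy the hash (the `<salt>$<hmac>` part of the printed rpcauth line) here. it's a salted HMAC-SHA256 of the password, so it's safe to be public provided the password is long and random (rpcauth.py generates one when invoked as above, without a password argument).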
# - add "rpcuser=colin" and "rpcpassword=<the password rpcauth.py printed>" to secrets/servo/bitcoin.conf (i.e. ~/.bitcoin/bitcoin.conf). unlike the hash, the password must stay secret.
# - bitcoin.conf docs: <https://github.com/bitcoin/bitcoin/blob/master/doc/bitcoin-conf.md>
# - validate with `bitcoin-cli -netinfo`
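{ config, lib, pkgs, sane-lib, ... }:
let
  # wrapper to run bitcoind with the tor onion address as externalip (computed at runtime).
  # the hostname file is written by tor; it must exist and be readable by whichever user runs this script.
  # there is no error handling: if `cat` fails, bitcoind is still exec'd, with an empty -externalip.
  _bitcoindWithExternalIp = with pkgs; writeShellScriptBin "bitcoind" ''
    externalip="$(cat /var/lib/tor/onion/bitcoind/hostname)"
    exec ${bitcoind}/bin/bitcoind "-externalip=$externalip" "$@"
  '';
  # the package i provide to services.bitcoind ends up on system PATH, and used by other tools like clightning.
  # therefore, even though services.bitcoind only needs `bitcoind` binary, provide all the other bitcoin-related binaries (notably `bitcoin-cli`) as well:
  # NOTE(review): both paths provide bin/bitcoind; the wrapper is listed first and is presumably the one that wins -- confirm.
  bitcoindWithExternalIp = with pkgs; symlinkJoin {
    name = "bitcoind-with-external-ip";
    paths = [ _bitcoindWithExternalIp bitcoind ];
  };
in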
{
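sane.persist.sys.byStore.ext = [
  # persist bitcoind's state directory, owned by the service user.
  # the blockchain stored under it is what consumes most of the space (see the size note at the top of the file)
  { user = "bitcoind-mainnet"; group = "bitcoind-mainnet"; path = "/var/lib/bitcoind-mainnet"; }
];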
# sane.ports.ports."8333" = {
# # this allows other nodes and clients to download blocks from me.
# protocol = [ "tcp" ];
# visibleTo.wan = true;
# description = "colin-bitcoin";
# };
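# publish bitcoind's node-to-node port as a v3 onion service.
services.tor.relay.onionServices.bitcoind = {
  version = 3;
  map = [{
    # by default tor will route public tor port P to 127.0.0.1:P.
    # so if this port is the same as bitcoind would natively use, then no further config is needed here.
    # see: <https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServicePort>
    port = 8333;
    # target.port; target.addr;  #< set if tor port != bitcoind port
  }];
  # allow "tor" group (i.e. bitcoind-mainnet) to read /var/lib/tor/onion/bitcoind/hostname
  # per the tor manual this opens the onion service directory and its hostname file to the group.
  # NOTE(review): confirm the service's private key files in that directory stay owner-only.
  settings.HiddenServiceDirGroupReadable = true;
};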
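services.bitcoind.mainnet = {
  enable = true;
  # wrapper package: adds -externalip=<onion hostname> on every start
  package = bitcoindWithExternalIp;
  rpc.users.colin = {
    # see docs at top of file for how to generate this
    # this is the "<salt>$<hmac>" value, not the password; it is stored here in the clear,
    # so the RPC login is only as strong as the password behind it.
    passwordHMAC = "30002c05d82daa210550e17a182db3f3$6071444151281e1aa8a2729f75e3e2d224e9d7cac3974810dab60e7c28ffaae4";
  };
  # NOTE(review): Bitcoin Core's tor docs say that setting -proxy disables listening by default;
  # if inbound connections through the onion service are wanted, confirm `listen=1` is set somewhere.
  extraConfig = ''
    # don't load the wallet, and disable wallet RPC calls
    disablewallet=1
    # proxy all outbound traffic through Tor
    proxy=127.0.0.1:9050
  '';
};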
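# group membership is what lets the bitcoind-mainnet user read the group-readable onion hostname file.
# NOTE(review): it also grants access to anything else readable by group "tor" -- confirm that is acceptable.
users.users.bitcoind-mainnet.extraGroups = [ "tor" ];
systemd.services.bitcoind-mainnet.serviceConfig.RestartSec = "30s";  #< default is 0

# colin's ~/.bitcoin/bitcoin.conf (rpcuser/rpcpassword, see top of file) is a symlink to the sops secret.
# the secret holds the plaintext RPC password, hence owner-only mode.
sane.users.colin.fs.".bitcoin/bitcoin.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets."bitcoin.conf".path;
sops.secrets."bitcoin.conf" = {
  mode = "0600";
  owner = "colin";
  group = "users";
};
sane.programs.bitcoind.enableFor.user.colin = true;  # for debugging/administration: `bitcoin-cli`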
}